Home page
Emergency Help
Evolution of Forensic Computing
Investigation Services
Laboratory Services
Computer Fraud/Abuse
Computer Security Review
Email Investigation
Expert Witness
Computer Crime Prevention
Forensic Techniques Used
Scope and Expertise
Risks and Pitfalls
Case Studies
Systems
Computer Electronic Disclosure
Training
Literature Request
Investigation Services
Laboratory Services
Computer Forensic Systems
Related pages
What to do if the unthinkable happens
Risks & Pitfalls
Common Danger Signs
Computer Crime Prevention
Computer Security Review

Risks and Pitfalls

The task of imaging a simple desktop PC may superficially seem quite trivial. However, for the data produced from the investigation to be of much use in a Court of Law, certain criteria must be met.

For example:

  • Can you be sure that you haven’t changed any of the time and date stamps of the files contained on the storage media?
  • Can you be sure that you haven’t changed the contents of the data itself?
  • Have you maintained an audit trail of the steps that you have taken?
  • Do you know what operations the computer performs when you turn it on or off?
Generally, unless you have been specifically trained to investigate computer systems the answer to these questions will be a resounding no.

Special forensic techniques have been developed in association with the Police and other law enforcement agencies to ensure that we are able to produce evidential images of computer material without compromising the evidential integrity of the data.

The techniques employed vary from system to system. However, it is essential to know the consequences of your actions before carrying them out.

Some of the problems that our customers have experienced in the past include:

  • Time and date stamps relating to critical files changed when booting the machine
  • Information in the ‘free space’ of the disk overwritten during the boot up
  • During an investigation a virus was spread corrupting many files on the system, resulting in a claim for damages being brought against the investigator
  • A server-based system was unable to be brought back to life after being inappropriately turned off. This resulted in a law suit and a claim for consequential damages against the firm of investigators
  • Whilst investigating a machine, a virus was found and then removed to prevent infection of the investigating software. The act of removing the virus changed many time and date stamps on the machine and, of course, changed the contents of the file containing the virus.
How Vogon can help
For immediate assistance please visit our emergency page for a list of contact phone numbers and enquiry form. To discuss your future Computer Forensic or Computer Security requirements with one our experienced investigators please contact us by letter, phone or email.

IT Security and Forensic Training courses are available to all personnel involved with the computer and/or data security. These courses aim to provide an comprehensive understanding of the risks involved when managing or using computer systems in business applications.

UK +44 (0) 1869 355255
Freephone 0800 581263		 investigate@vogon.co.uk USA +1 405 321 2585
Toll Free 1-800 392-5373		 investigate@vogon.us
München +49 (0) 89 3235030
Köln +49 (0) 2203 91547 400
Freecall 00800 42424200		 investigate@vogon.de Norway +47 2337 1400
Freecall 00800 42004242		 etterforskning@vogon.no

Copyright Vogon International. All rights reserved.  
Home Page | Investigation Services | Laboratory Services | Forensic Systems